DNS cache with dnsmasq


I’ve noticed in my DNS logs that a specific host is very talkative. Even though my DNS server is able to handle the load, I wanted to avoid sending several hundred thousand queries per day to it. To keep all of those queries from reaching my DNS server I decided to run dnsmasq on that host as a local cache.
The server in question runs Rocky Linux, so the install and configuration went like this.

Install the packages:
sudo dnf install dnsmasq dnsmasq-utils

Edit the NetworkManager configuration (/etc/NetworkManager/NetworkManager.conf) so it no longer manages DNS, i.e. stops rewriting /etc/resolv.conf. The change takes effect once NetworkManager has been reloaded or restarted:
[main]
dns=none

/etc/resolv.conf has to be modified to point at localhost instead of the upstream server; forwarding to the upstream is now dnsmasq's job. Without the dns=none change above, NetworkManager would overwrite this file again.
search mydomain.local
nameserver 127.0.0.1
nameserver ::1

Now it’s time to set the configuration of dnsmasq. Start with backing up the existing configuration.
sudo cp /etc/dnsmasq.conf{,.orig}

My /etc/dnsmasq.conf then looks like this:

port=53
listen-address=127.0.0.1,10.100.1.11,::1,::11
domain-needed
expand-hosts
min-cache-ttl=3600
server=10.100.1.53
server=fe80::53
domain=mydomain.local
cache-size=10000
user=dnsmasq
group=dnsmasq
interface=lo
bind-interfaces
local-ttl=600
# For debugging only: logs every query
log-queries
log-facility=/var/log/dnsmasq/dnsmasq.log
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig

A few notes on these settings. min-cache-ttl=3600 makes dnsmasq keep answers for at least an hour even when the upstream TTL is shorter (google.com comes back with 300 seconds in the dig output below); this is what absorbs the talkative host's queries, but it also means a changed record can be served stale for up to an hour, and dnsmasq caps this option at one hour anyway. Because listen-address also includes the host's own address 10.100.1.11, other machines on the network can use this cache; if that is not intended, keep only the loopback addresses or restrict port 53 in the firewall. A link-local upstream such as fe80::53 is only reachable when the interface scope is given (for example fe80::53%eth0, with the real interface name); otherwise dnsmasq cannot send to it and effectively only 10.100.1.53 is used. The directory named in log-facility must exist and be writable by the dnsmasq user, and log-queries is verbose enough that it is best removed once the setup has been verified.

Enable and start the dnsmasq service (dnsmasq --test beforehand reports syntax errors in the configuration without starting anything):
sudo systemctl enable --now dnsmasq

Verify that the service is running.
systemctl status dnsmasq

Use “dig” to verify that dnsmasq is resolving the queries. Run the same query twice: the first answer is forwarded to the upstream server, the second should come from the cache with a query time close to 0 msec, and with log-queries enabled the log shows a "forwarded" line for the first query and a "cached" line for the second.
dig a google.com

The reply should look like this; the SERVER line shows that the answer came from dnsmasq on 127.0.0.1 and not from the upstream server:

; <<>> DiG 9.16.20-RH <<>> a google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 300 IN A 172.217.21.174

;; Query time: 50 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; MSG SIZE rcvd: 55
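Once log-queries is on, the log at the log-facility path above is the easiest way to see whether the cache is doing its job and which names the talkative host keeps asking for. The following Python script is an added example, not code from the original post or from dnsmasq: it parses dnsmasq's standard query-log lines (query/forwarded/cached/reply), counts queries per client and per name, and computes how many answers came from cache instead of going upstream. The log lines embedded in it are constructed for the example, the default path /var/log/dnsmasq/dnsmasq.log is taken from the configuration above, and the client address 10.100.1.30 is made up. Since every local process resolves through 127.0.0.1, the per-client column will not separate processes on the host itself; the per-name column is what identifies what the talkative process is asking for.

```python
"""Summarise a dnsmasq query log written with log-queries.

Added example, not code from the original post. Reports the busiest clients
and names and how many queries were served from dnsmasq's cache instead of
being forwarded upstream, which is the effect the setup above is meant to have.
"""
import re
import sys
from collections import Counter

# One dnsmasq log line per event, after the syslog prefix "dnsmasq[pid]: ":
#   query[A] db.mydomain.local from 127.0.0.1     a client asked
#   forwarded db.mydomain.local to 10.100.1.53    cache miss, sent upstream
#   reply db.mydomain.local is 10.100.1.20        upstream answered
#   cached db.mydomain.local is 10.100.1.20       cache hit, no upstream traffic
LINE_RE = re.compile(
    r"dnsmasq\[\d+\]: (?P<kind>query|forwarded|cached|reply)"
    r"(?:\[(?P<qtype>[^\]]+)\])? (?P<name>\S+) (?:from|to|is) (?P<target>\S+)"
)

# Constructed sample in the same format; not captured from a real server.
SAMPLE_LOG = """\
Mar  3 09:00:01 dnsmasq[1042]: query[A] db.mydomain.local from 127.0.0.1
Mar  3 09:00:01 dnsmasq[1042]: forwarded db.mydomain.local to 10.100.1.53
Mar  3 09:00:01 dnsmasq[1042]: reply db.mydomain.local is 10.100.1.20
Mar  3 09:00:02 dnsmasq[1042]: query[A] db.mydomain.local from 127.0.0.1
Mar  3 09:00:02 dnsmasq[1042]: cached db.mydomain.local is 10.100.1.20
Mar  3 09:00:03 dnsmasq[1042]: query[A] google.com from 10.100.1.30
Mar  3 09:00:03 dnsmasq[1042]: forwarded google.com to 10.100.1.53
Mar  3 09:00:03 dnsmasq[1042]: reply google.com is 172.217.21.174
Mar  3 09:00:04 dnsmasq[1042]: query[A] db.mydomain.local from 127.0.0.1
Mar  3 09:00:04 dnsmasq[1042]: cached db.mydomain.local is 10.100.1.20
Mar  3 09:00:05 dnsmasq[1042]: using nameserver 10.100.1.53#53
"""


def parse_line(line):
    """Return the event fields of a query-log line, or None for other lines."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def summarise(lines):
    """Count queries per client and per name, and cache hits vs. forwards."""
    clients, names, events = Counter(), Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        events[rec["kind"]] += 1
        if rec["kind"] == "query":
            clients[rec["target"]] += 1
            names[rec["name"].lower()] += 1
    # A query is either answered from cache or forwarded (a retried query can
    # be forwarded more than once; answers from /etc/hosts are neither and
    # are left out of the ratio).
    answered = events["cached"] + events["forwarded"]
    hit_ratio = events["cached"] / answered if answered else 0.0
    return {"clients": clients, "names": names, "events": events,
            "hit_ratio": hit_ratio}


def report(summary, top=5):
    """Render the summary as text; the top talkers are what the post is after."""
    ev = summary["events"]
    out = [f"queries: {ev['query']}  cached: {ev['cached']}  "
           f"forwarded: {ev['forwarded']}  hit ratio: {summary['hit_ratio']:.0%}",
           "top clients:"]
    out += [f"  {n:6d}  {c}" for c, n in summary["clients"].most_common(top)]
    out.append("top names:")
    out += [f"  {n:6d}  {name}" for name, n in summary["names"].most_common(top)]
    return "\n".join(out)


if __name__ == "__main__":
    # Pass the log path from the log-facility setting (/var/log/dnsmasq/dnsmasq.log);
    # without an argument the constructed sample is summarised instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(report(summarise(fh)))
    else:
        print(report(summarise(SAMPLE_LOG.splitlines())))
```

Run it against the live log after the host has been busy for a while; a hit ratio that stays low for names with short upstream TTLs means the cache is being bypassed (for example because the talkative process uses its own resolver rather than /etc/resolv.conf), which is exactly the case this setup would otherwise hide.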